Analysis

  • max time kernel
    149s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 23:16

General

  • Target
    762d226a66cd228ba3c7991c20dc604face60fe41d776da8fc39a964417874da.exe
  • Size
    4.1MB
  • MD5
    cc8735f627d445498e226718a9f8c452
  • SHA1
    1989922ad03ce41fd620ca8037a8ed4c288d31b3
  • SHA256
    762d226a66cd228ba3c7991c20dc604face60fe41d776da8fc39a964417874da
  • SHA512
    74891582f528113479e5903c1b174ca62919454df0799f039bfd334cdf799a3732263f9d85cfc8c5616f836d2fc9303a77891f413c64876d1efbdbf10bfc7748
  • SSDEEP
    98304:+R0pI/IQlUoMPdmpSpC4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmF5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\762d226a66cd228ba3c7991c20dc604face60fe41d776da8fc39a964417874da.exe
    "C:\Users\Admin\AppData\Local\Temp\762d226a66cd228ba3c7991c20dc604face60fe41d776da8fc39a964417874da.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Adobe8O\devdobsys.exe
      C:\Adobe8O\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4640

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1
  • Privilege Escalation
    • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1
  • Defense Evasion
    • Modify Registry (T1112): 1

Downloads

  • C:\Adobe8O\devdobsys.exe
    Filesize
    4.1MB
    MD5
    8b82cd9a6be8d1ac9c7c59071304d46c
    SHA1
    cfcce75ea88badeb304a568541347880089ee23f
    SHA256
    51b834b2505b379fb57b7bf5a33d465d4aa9d571d6b37fa1597256e5421e6bb1
    SHA512
    83cfafe03acb8e3da4b8d1f3c9e281a8019f536ae5ea56846b9372ba0c0a07b39c26c69393feb9d8177eac439024172af87bb807a74a0c0b0c33ef05b35614dc

  • C:\KaVB88\dobaloc.exe
    Filesize
    2.3MB
    MD5
    63e0a0d0317c8d0596b4c4ed6bfcb667
    SHA1
    585f0b038bc704a3ece3a7e6efe980dedb3c21e9
    SHA256
    a6ef5e25b420deb276432d8ad0c9dced2057e427678719bd9b5f44efea3dc501
    SHA512
    6e6e7eec18b7bbea45eb84f290aa5493b40fe3d37ed3ad71a980ccb0071a85973a5bc8d273e9bb847aa3512ed11be78bd816662a2f0ccc0755b01e68c0046d82

  • C:\KaVB88\dobaloc.exe
    Filesize
    4.1MB
    MD5
    9ff8dee5428c563f07e3ba95ec45c0f0
    SHA1
    b94963818ebf299c23cc7e5604b9e55ec3cf7efa
    SHA256
    092780bbbf1989c25f90126f31f2b7080f9a4250b6fe022b739f0d5b1e8495eb
    SHA512
    71a557052996a3b0c20ce25c488cb7aa617ee7c76f40f1993c462d966ade835c83d861629e9a895a28ab9c507a5c326305f705b55a562d65c7ef4f4d3fa2414a

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    204B
    MD5
    aa8feed7b2ded28f04933c49ea2f5559
    SHA1
    4b5fac8b1ba55a10fe088ced7a0840aef914fb8a
    SHA256
    50899a1e6f7fe7b5699c0d70a5bd5762e2fd4aaacd5ce72bce91b8d82b332cea
    SHA512
    98f2201883e985e7b71df546bbaf6befcfd06f690750e3db0be995b9a1f036795ebbbb4fc967b4099fc21d7b04f4441c3d0ce65568d9f86180ee1595eca2d8b2